Lines Matching +full:enable +full:- +full:remote +full:- +full:sense
45 .Bk -words
75 can be configured using command-line options or a configuration file
78 command-line options override values specified in the
87 .Bl -tag -width Ds
107 options or as a comma-separated list.
193 command-line flag.
202 option are ignored when a command-line port is specified.
205 option override command-line ports.
235 structure that holds the remote host name.
255 .Cm from="pattern-list"
267 Each host has a host-specific key,
273 Forward secrecy is provided through a Diffie-Hellman key agreement.
283 host-based authentication,
285 challenge-response authentication,
299 on HP-UX, containing
308 for the account while allowing still public-key, then the passwd field
318 things like allocating a pseudo-tty, forwarding X11 connections,
323 of a non-interactive command, which
340 .Bl -enum -offset indent
420 .Bd -literal -offset 3n
421 if read proto cookie && [ -n "$DISPLAY" ]; then
422 if [ `echo $DISPLAY | cut -c1-10` = 'localhost:' ]; then
425 cut -c11-` $proto $cookie
429 fi | xauth -q -
450 Public keys consist of the following space-separated fields:
451 options, keytype, base64-encoded key, comment.
455 .Bl -item -compact -offset indent
457 sk-ecdsa-sha2-nistp256@openssh.com
459 ecdsa-sha2-nistp256
461 ecdsa-sha2-nistp384
463 ecdsa-sha2-nistp521
465 sk-ssh-ed25519@openssh.com
467 ssh-ed25519
469 ssh-dss
471 ssh-rsa
493 The options (if present) consist of comma-separated option
497 that option keywords are case-insensitive):
498 .Bl -tag -width Ds
499 .It Cm agent-forwarding
500 Enable authentication agent forwarding previously disabled by the
503 .It Cm cert-authority
516 If an 8-bit clean channel is required,
518 .Cm no-pty .
523 An example might be a key that permits remote backups but nothing else.
538 If a command is specified and a forced-command is embedded in a certificate
551 .It Cm expiry-time="timespec"
556 .It Cm from="pattern-list"
558 name of the remote host or its IP address must be present in the
559 comma-separated list of patterns.
576 .It Cm no-agent-forwarding
579 .It Cm no-port-forwarding
585 .It Cm no-pty
587 .It Cm no-user-rc
590 .It Cm no-X11-forwarding
594 Limit remote port forwarding with the
633 .It Cm port-forwarding
634 Enable port forwarding previously disabled by the
639 .Cm cert-authority
641 comma-separated list.
646 .Cm cert-authority
652 .It Cm no-touch-required
655 This option only makes sense for the FIDO authenticator algorithms
656 .Cm ecdsa-sk
658 .Cm ed25519-sk .
659 .It Cm verify-required
662 This option only makes sense for the FIDO authenticator algorithms
663 .Cm ecdsa-sk
665 .Cm ed25519-sk .
667 Enable all restrictions, i.e. disable port, agent and X11 forwarding,
679 .It Cm user-rc
685 .It Cm X11-forwarding
692 .Bd -literal -offset 3n
695 ssh-rsa ...
697 restrict,command="dump /home" ssh-rsa ...
698 # Restriction of ssh -L forwarding destinations
699 permitopen="192.0.2.1:80",permitopen="192.0.2.2:25" ssh-rsa ...
700 # Restriction of ssh -R forwarding listeners
701 permitlisten="localhost:8080",permitlisten="[::1]:22000" ssh-rsa ...
703 tunnel="0",command="sh /etc/netstart tun0" ssh-rsa ...
705 restrict,pty,command="nethack" ssh-rsa ...
707 no-touch-required sk-ecdsa-sha2-nistp256@openssh.com ...
708 # Require user-verification (e.g. PIN or biometric) for FIDO key
709 verify-required sk-ecdsa-sha2-nistp256@openssh.com ...
710 # Trust CA key, allow touch-less FIDO if requested in certificate
711 cert-authority,no-touch-required,principals="user_a" ssh-rsa ...
720 be prepared by the administrator (optional), and the per-user file is
722 its key is added to the per-user file.
725 hostnames, keytype, base64-encoded key, comment.
729 .Dq @cert-authority ,
737 Hostnames is a comma-separated list of patterns
770 and a non-standard port number.
780 The keytype and base64-encoded key are taken directly from the host key; they
794 .Dq @cert-authority
820 .Xr ssh-keyscan 1
824 .Xr ssh-keygen 1
831 .Bd -literal -offset 3n
833 cvs.example.net,192.0.2.10 ssh-rsa AAAA1234.....=
835 |1|JfKTdBh7rNbXkVAQCRp4OQoPfmI=|USECr3SWf1JUPsms5AqfD5QfxkM= ssh-rsa
838 @revoked * ssh-rsa AAAAB5W...
840 @cert-authority *.mydomain.org,*.mydomain.com ssh-rsa AAAAB5W...
843 .Bl -tag -width Ds -compact
857 This file is used for host-based authentication (see
861 world-readable if the user's home directory is on an NFS partition,
874 but allows host-based authentication without permitting login with
878 This directory is the default location for all user-specific configuration
920 can, but need not be, world-readable.
930 Access controls that should be enforced by tcp-wrappers are defined here.
935 This file is for host-based authentication (see
940 Contains Diffie-Hellman groups used for the "Diffie-Hellman Group Exchange"
956 are displayed to anyone trying to log in, and non-root connections are
958 The file should be world-readable.
963 but allows host-based authentication without permitting login with
974 does not start if these files are group/world-accessible.
980 These files should be world-readable but writable only by
987 .Xr ssh-keygen 1 .
996 should be world-readable.
1008 machine-specific login-time initializations globally.
1009 This file should be writable only by root, and should be world-readable.
1015 during privilege separation in the pre-authentication phase.
1017 and not group or world-writable.
1025 The content of this file is not sensitive; it can be world-readable.
1031 .Xr ssh-add 1 ,
1032 .Xr ssh-agent 1 ,
1033 .Xr ssh-keygen 1 ,
1034 .Xr ssh-keyscan 1 ,
1041 .Xr sftp-server 8
1047 removed many bugs, re-added newer features and